Data Subject Access Rights Policy

1. Introduction

This Data Subject Rights Policy explains your rights regarding your personal data that the American Bureau of Shipping and affiliated companies (“ABS,” “we,” “us,” or “our”) process, specifically in relation to the following rights: 

   I. Right to be informed (what we hold, what we use it for and more)

  II. Right of access (copy of the personal information we hold)

 III. Right to rectification (to correct anything that is wrong)

  IV. Right to erasure (right to be forgotten)

   V. Right to restrict processing (restrict or stop use if in dispute over accuracy)

  VI. Right to data portability (being able to transfer your data from one organization to another)

 VII. Right to object (stop processing if consent withdrawn or use is unlawful)

VIII. Rights relating to automated decision-making and profiling (decisions made by computer and monitoring or evaluation)

This policy also outlines how you can exercise these rights.

This policy should be read in conjunction with the main ABS Privacy Policy, which provides more detail on how we collect, use and protect your personal data.

ABS is committed to processing and protecting Personal Data in accordance with international data privacy laws and to ensuring you can effectively manage your data. Where an applicable local law, regulation or contractual obligation requires a higher standard, we will follow the requirements of that law, regulation or contract.

This policy sets out our global baseline data subject rights principles and processes. These principles and processes are not absolute and may be subject to certain conditions or exemptions under applicable law.

2. Your Data Subject Rights

I. Right to be Informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. We provide this information in this policy and in the ABS Privacy Policy, including details about your rights, how to make a complaint and who to contact if you have any concerns.

Under certain circumstances, we may not have to tell you about the processing of your personal information if you either already have the privacy information or if it would involve a disproportionate effort to provide it to you. We may not need to tell you if we are required by law to disclose your information to a third party; for example, if we receive a court order to disclose some of your information for a legal process.

II. Right of Access

You have the right to request access to your personal data and certain other information held by ABS. This includes paper records and electronic records and is commonly referred to as a Data Subject Access Request (DSAR). A DSAR is a written or verbal request received from you to request a copy of your personal data.

On receipt of a valid request from you, we will provide you with a copy, or a list, of the applicable data, along with any other relevant rights or disclosures required by applicable law.

There may be circumstances when we won’t give you all the information we hold about you. This might be because it contains confidential information about another person or because it may cause serious harm to your or someone else’s physical or mental well-being.

III. Right to Rectification

You are entitled to have your personal data corrected if it is inaccurate or incomplete. This right depends on the type of data involved and the purpose of the data processing. Factual inaccuracies will be amended promptly, but there may be instances where we are unable to change a record and it may be more appropriate to add a supplementary statement to data that cannot be rectified to ensure its future processing is correct.

On receipt of a valid data correction request (including sufficient evidence regarding the inaccuracy of the relevant data), we will determine whether and how to process the request and will inform you of our decision and any related actions taken.

IV. Right to Erasure

You are entitled to request the deletion or removal of your personal data. The right is not absolute and only applies in certain circumstances. You can request to have your personal data erased if:

  • You believe your personal data is no longer needed for the purpose it was collected or processed
  • You withdraw your consent (where “consent” is the lawful basis for processing)
  • ABS is legitimately processing your data as part of the business function, but you believe your right overrides this
  • You do not wish to receive marketing and fundraising correspondence
  • You allege that your personal data has been processed unlawfully
  • You allege that the erasure is required as a legal obligation

In certain instances, we may nevertheless be prevented from deleting your personal information, including but not limited to those instances where:

  • We need it by law to carry out a legal obligation
  • It is needed for legal claims
  • It is needed for the protection of public health
  • It is needed for archiving, scientific or historical research or statistical purposes

V. Right to Restrict Processing

You have the right to restrict the way we process your personal data in certain circumstances. This right applies when you have a particular reason for the restriction. We may still store your data, but we cannot use it while the restriction is in place. You can request restriction of the processing of your data if:

  • You contest the accuracy of your personal data and would like this verified
  • You allege that the data has been unlawfully processed
  • ABS no longer needs your personal data for processing, but you need us to keep it for a particular purpose, e.g., a legal claim

ABS can lift the restriction when:

  • Your request is being investigated
  • The processing is necessary for our legitimate interests, and it overrides your right to restriction

VI. Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one environment to another in a safe and secure way, without affecting its usability. This right only applies to personal data you have provided to us, where the processing is based on your consent or for the performance of a contract, and when processing is carried out by automated (electronic) means. This means that, where you have submitted information to us online or through an automated process such as a job application, you can have a copy of that information returned to you in an electronic format so that you can transfer it to another organization.

You can ask us to send the information directly to the other organization for you, if technically possible.

VII. Right to Object

You have the right to object to the processing of your personal data in certain circumstances.

You have an absolute right to stop your data being processed where it is being used for:

  • Direct marketing
  • Our legitimate interests (unless we can prove a compelling reason to continue processing)
  • Scientific or historical research, or statistical purposes

VIII. Rights Relating to Automated Decision-Making and Profiling

You have the right:

  • Not to be subject to a decision based solely on automated processing (including profiling) if the decision produces legal effects concerning you or similarly significantly affects you
  • To understand the reasons behind decisions made about you by automated processing and the possible consequences of the decisions
  • To object to profiling in certain situations

Automated decision-making is when a computer makes a decision based on information entered into a system without any human involvement, for example, recruitment aptitude tests using preprogrammed algorithms and criteria.

Profiling is a form of automated processing which monitors and evaluates such things as a person’s behavior, location or personal preferences.

If we engage in such activities, we will ensure appropriate safeguards are in place so we don’t make potentially damaging decisions about you without any human involvement.

 

3. How to Exercise Your Rights

To exercise any of the rights described above, please contact us at the following address, specifying the right you are intending to exercise:

Email: ABS-WorldHQ@eagle.org

 

4. Verifying Your Identity

To protect your personal data and the personal data of others, we must verify your identity before processing your request. The measures we take to verify your identity will be proportionate to the sensitivity of the personal data and the risk of harm from unauthorized access or disclosure. We may ask you to provide additional information to confirm your identity by responding to an email sent to an email address we have on file for you. In some cases, where the sensitivity of the data or the nature of the request requires a higher level of assurance, we may request a copy of an identification document (e.g., driver's license, passport). We will specify if this is needed and how to provide it securely.

Any information you provide for identity verification will be used solely for that purpose, handled securely and deleted in accordance with our data retention policies after verification is complete. If we are unable to satisfactorily verify your identity based on the information provided, we may not be able to fulfill your request and will inform you accordingly.

5. What to Expect After You Submit a Request

Once we receive your verifiable request through the designated channel:

  • Acknowledgment: We will aim to acknowledge receipt of your request within a reasonable timeframe, generally five working days, or as otherwise required by applicable law. This acknowledgment may include your unique request reference number.
  • Clarification: If your request is unclear or if we need more information to process it (including for identity verification), we may contact you.
  • Response Time: We are committed to responding to your request without undue delay and at the latest within the timeframe stipulated by applicable law from receipt of your verifiable request.
  • Extensions: If your request is complex or if we have received a number of requests from you, we may extend the time to respond by a further period, where permitted by law. If we need to extend the time, we will inform you within the initial response period, explaining the reasons for the delay.
  • Our Response: Our response will address your request in accordance with applicable law. If we grant your request, we will take the appropriate action. If we are unable to comply with your request (in whole or in part) due to a legal exemption or other permissible reason, we will explain our reasons in our response, unless legally prohibited from doing so.

 

6. Fees

We will generally not charge a fee to exercise your data subject rights. However, where permitted by applicable law (for example, if your request is manifestly unfounded, excessive, or repetitive, or if you request further copies of your data after an initial access request), we reserve the right to charge a reasonable fee to cover our administrative costs or to refuse to act on the request. If a fee is applicable, we will inform you of the basis for the fee and provide an estimate before proceeding with your request.

 

7. Requests from Authorized Agents

You may designate an authorized agent to make a request on your behalf. If you use an authorized agent, we will require:

  • Proof of the agent’s identity
  • Written permission signed by you, authorizing the agent to act on your behalf
  • Direct verification of your own identity with us, or proof that the agent has power of attorney

We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. These steps are to ensure your data is protected.

 

8. How to Make a Complaint

If you are unsatisfied with our response to your request, or if you believe we are not processing your personal data in accordance with applicable data protection law, we encourage you to first contact us to resolve the issue:

Email: ABS-WorldHQ@eagle.org

You also have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction. Information on relevant authorities can typically be found on their respective websites (e.g., for European countries, via the European Data Protection Board website; for U.K. individuals, via the Information Commissioner's Office; for U.S. individuals, via your State Attorney General's office).

 

9. Contact Us for Data Subject Rights Questions

If you have any questions about this Data Subject Rights Policy or how to exercise your rights, please contact ABS-WorldHQ@eagle.org.

 

10. Policy Updates

ABS reserves the right to update this Data Subject Rights Policy from time to time to reflect changes in our practices or legal obligations.

 

11. Accessibility Statement

ABS is committed to making this information accessible. If you require this Data Subject Rights Policy in an alternative format due to a disability, please contact us using the details provided in Section 9.